Earlier this week, the US Department of Justice announced the arrest of a 27-year-old Russian named Kryuchkov Yegor Igorevich, who had come to the United States on a tourist visa. According to court documents, he is accused of attempting to bribe an employee of a company based in Nevada: Kryuchkov offered a million dollars for installing malware on the Tesla network in order to break into it and steal the company's data.
Although the indictment did not disclose the name of the victim company, several news outlets immediately reported that the attack targeted Tesla specifically, which owns a plant located in the city of Sparks, Nevada.
Tesla representatives did not comment on these rumors in any way, but last night the head of the company, Elon Musk, officially confirmed on Twitter that Tesla was the target of the attackers.
“Much appreciated. This was a serious attack,” Elon Musk wrote on Twitter.
Law enforcement officials say that Kryuchkov is a member of a large criminal group that planned to use the malware to gain access to the victim company's network, steal confidential documents, and finally demand a ransom. At the same time, Kryuchkov promised the Tesla employee that other members of his “team” would launch a DDoS attack in order to distract the security team and hide the data theft.
However, all of the hackers' plans collapsed, because the insider they tried to recruit reported what was happening to the FBI. As a result, FBI agents kept Kryuchkov under surveillance for almost his entire stay in the United States and then arrested him, having collected all the evidence necessary for prosecution.
ZDNet journalists compiled a chronology of what happened, drawing on information from the court papers. Here is what is known so far:
- July 16: Kryuchkov contacts a Tesla employee (identified in the documents as CHS1) via WhatsApp and talks about his plans to visit the United States. The fact is that this person knew Kryuchkov before – they met back in 2016.
- July 28: Kryuchkov flies from Russia to New York, travels to San Francisco and then to Reno, Nevada.
- August 1: Kryuchkov contacts CHS1 by phone.
- August 2 and 3: Kryuchkov, CHS1 and his friends go to Lake Tahoe. Kryuchkov pays all the expenses and also tries to stay out of view of surveillance cameras.
- August 3: On the last day of the trip, in the bar, late in the evening, Kryuchkov informs CHS1 that he is working in a certain group that deals with “special projects.” Allegedly, this group pays employees of various companies to install malware on the networks of their employers. Then Kryuchkov describes the entire scheme in detail and says that he can provide CHS1 with malware on a USB flash drive or send it by email.
Initially, Kryuchkov tells the employee that he would be paid $500,000 to install the malware, while Kryuchkov's “colleagues” would arrange a DDoS attack to disguise the data theft. As a result, CHS1 reports Kryuchkov to the FBI, and all of their subsequent meetings take place under observation.
- August 7: Kryuchkov has another meeting with CHS1. During this meeting he again tries to convince CHS1 to take part in the criminal scheme, this time assuring him that his “team” has been running such “special projects” for many years and that the insiders who collaborated with them were never caught and are still working at the same companies. Kryuchkov also suggests that the infection could be made to look as if it came from a different employee (in case CHS1 wants to teach someone a lesson). During this meeting, CHS1 asks for $1,000,000 and also asks for an advance of $50,000.
- August 17: At another meeting, Kryuchkov discloses details of the group he works for. Specifically, he reveals that they make payments using the escrow service on Exploit (the name of a well-known hacker forum). Kryuchkov also says that he has already recruited at least two other insiders in the same way, and that one of the companies hacked in the past has already paid the hackers a ransom of $4,000,000.
In addition, Kryuchkov and CHS1 contact other members of the criminal group via WhatsApp and discuss payment and escrow details. Kryuchkov claims that one of the group members is an employee of a Russian state bank, and that the group has already paid about $250,000 for malware written specifically for the company where CHS1 works. Kryuchkov passes on CHS1's phone number so that the insider can be contacted in the future.
- August 18: During the next meeting, Kryuchkov informs CHS1 that his “team” has refused to pay the advance, because the hackers have never done that before. However, they are allegedly ready to pay CHS1 $1,000,000 after the job is done. Kryuchkov says his own cut has been reduced to $250,000 because of CHS1's demands. He also says that he will need to provide his “colleagues” with more detailed information about the network of CHS1's employer so that they can configure the malware.
- August 19: Kryuchkov meets with CHS1 again and says that the group is, after all, ready to make an advance payment of 1 bitcoin.
- August 21: Kryuchkov once again meets with CHS1 and unexpectedly announces that this “special project” has been postponed because of another “special project” already under way, which is expected to bring the group a lot of money and for now requires all of their efforts. Kryuchkov says that he is leaving the United States and leaves the insider instructions describing in detail how members of the criminal group will contact him in the future.
After this meeting, an FBI agent contacted Kryuchkov by phone. Kryuchkov tried to leave the country but was arrested in Los Angeles the next day.
Yegor Kryuchkov is currently in custody and has already been charged. If the court finds him guilty, he faces up to five years in prison.
Let me also remind you that I previously wrote about an information security researcher who found that the Tesla Model 3 interface is vulnerable to DoS attacks.